WordPress.org

Make WordPress Core

Changeset 6643


Ignore:
Timestamp:
01/22/2008 07:35:19 PM (10 years ago)
Author:
ryan
Message:

Refactor login. see #5405

Location:
trunk
Files:
4 edited

Legend:

Unmodified
Added
Removed
  • trunk/wp-includes/pluggable.php

    r6637 r6643  
    414414endif;
    415415
    416 if ( !function_exists('wp_login') ) :
    417 /**
    418  * wp_login() - Checks a users login information and logs them in if it checks out
    419  *
    420  * Use the global $error to get the reason why the login failed.
    421  * If the username is blank, no error will be set, so assume
    422  * blank username on that case.
    423  *
    424  * Plugins extending this function should also provide the global
    425  * $error and set what the error is, so that those checking the
    426  * global for why there was a failure can utilize it later.
    427  *
    428  * @since 1.2.2
    429  * @global string $error Error when false is returned
     416/**
     417 * wp_authenticate() - Checks a user's login information and logs them in if it checks out
     418 * @since 2.5
    430419 *
    431420 * @param string $username User's username
    432421 * @param string $password User's password
    433  * @param bool $deprecated Not used
    434  * @return bool False on login failure, true on successful check
    435  */
    436 function wp_login($username, $password, $deprecated = '') {
    437     global $error;
    438 
     422 * @return WP_Error|WP_User WP_User object if login successful, otherwise WP_Error object.
     423 */
     424if ( !function_exists('wp_authenticate') ) :
     425function wp_authenticate($username, $password) {
    439426    $username = sanitize_user($username);
    440427
    441428    if ( '' == $username )
    442         return false;
    443 
    444     if ( '' == $password ) {
    445         $error = __('<strong>ERROR</strong>: The password field is empty.');
    446         return false;
    447     }
     429        return new WP_Error('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
     430
     431    if ( '' == $password )
     432        return new WP_Error('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
    448433
    449434    $user = get_userdatabylogin($username);
    450435
    451     if ( !$user || ($user->user_login != $username) ) {
    452         $error = __('<strong>ERROR</strong>: Invalid username.');
    453         return false;
    454     }
    455 
    456     if ( !wp_check_password($password, $user->user_pass) ) {
    457         $error = __('<strong>ERROR</strong>: Incorrect password.');
    458         return false;
    459     }
     436    if ( !$user || ($user->user_login != $username) )
     437        return new WP_Error('invalid_username', __('<strong>ERROR</strong>: Invalid username.'));
     438
     439    if ( !wp_check_password($password, $user->user_pass) )
     440        return new WP_Error('incorrect_password', __('<strong>ERROR</strong>: Incorrect password.'));
    460441
    461442    // If using old md5 password, rehash.
     
    463444        wp_set_password($password, $user->ID);
    464445
    465     return true;
     446    return new WP_User($user->ID);
     447}
     448endif;
     449
     450/**
     451 * wp_logout() - Log the current user out
     452 * @since 2.5
     453 *
     454 */
     455if ( !function_exists('wp_logout') ) :
     456function wp_logout() {
     457    wp_clear_auth_cookie();
     458    do_action('wp_logout');
    466459}
    467460endif;
     
    12261219endif;
    12271220
     1221if ( !function_exists('wp_login') ) :
     1222/**
     1223 * wp_login() - Checks a users login information and logs them in if it checks out
     1224 *
     1225 * Use the global $error to get the reason why the login failed.
     1226 * If the username is blank, no error will be set, so assume
     1227 * blank username on that case.
     1228 *
     1229 * Plugins extending this function should also provide the global
     1230 * $error and set what the error is, so that those checking the
     1231 * global for why there was a failure can utilize it later.
     1232 *
     1233 * @since 1.2.2
     1234 * @deprecated Use wp_signin()
     1235 * @global string $error Error when false is returned
     1236 *
     1237 * @param string $username User's username
     1238 * @param string $password User's password
     1239 * @param bool $deprecated Not used
     1240 * @return bool False on login failure, true on successful check
     1241 */
     1242function wp_login($username, $password, $deprecated = '') {
     1243    global $error;
     1244
     1245    $user = wp_authenticate($username, $password);
     1246
     1247    if ( ! is_wp_error($user) )
     1248        return true;
     1249
     1250    $error = $user->get_error_message();
     1251    return false;
     1252}
     1253endif;
     1254
    12281255?>
  • trunk/wp-includes/post.php

    r6594 r6643  
    10631063    }
    10641064
    1065     if ( $update ) {
     1065    if ( $update || '0000-00-00 00:00:00' == $post_date ) {
    10661066        $post_modified     = current_time( 'mysql' );
    10671067        $post_modified_gmt = current_time( 'mysql', 1 );
  • trunk/wp-includes/user.php

    r6391 r6643  
    11<?php
     2
     3function wp_signon( $credentials = '' ) {
     4    if ( empty($credentials) ) {
     5        if ( ! empty($_POST['log']) )
     6            $credentials['user_login'] = $_POST['log'];
     7        if ( ! empty($_POST['pwd']) )
     8            $credentials['user_password'] = $_POST['pwd'];
     9        if ( ! empty($_POST['rememberme']) )
     10            $credentials['remember'] = $_POST['rememberme'];
     11    }
     12
     13    if ( !empty($credentials['user_login']) )
     14        $credentials['user_login'] = sanitize_user($credentials['user_login']);
     15    if ( !empty($credentials['user_password']) )
     16        $credentials['user_password'] = trim($credentials['user_password']);
     17    if ( !empty($credentials['remember']) )
     18        $credentials['remember'] = true;
     19    else
     20        $credentials['remember'] = false;
     21
     22    // If no credential info provided, check cookie.
     23    if ( empty($credentials['user_login']) && empty($credentials['user_password']) ) {
     24            $user = wp_validate_auth_cookie();
     25            if ( $user )
     26                return new WP_User($user);
     27
     28            if ( !empty($_COOKIE[AUTH_COOKIE]) )
     29                return new WP_Error('expired_session', __('Your session has expired.'));
     30
     31            // If the cookie is not set, be silent.
     32            return new WP_Error();
     33    }
     34
     35    if ( empty($credentials['user_login']) || empty($credentials['user_password']) ) {
     36        $error = new WP_Error();
     37
     38        if ( empty($credentials['user_login']) )
     39            $error->add('empty_username', __('<strong>ERROR</strong>: The username field is empty.'));
     40        if ( empty($credentials['user_password']) )
     41            $error->add('empty_password', __('<strong>ERROR</strong>: The password field is empty.'));
     42        return $error;
     43    }
     44
     45    do_action_ref_array('wp_authenticate', array(&$credentials['user_login'], &$credentials['user_password']));
     46
     47    $user = wp_authenticate($credentials['user_login'], $credentials['user_password']);
     48    if ( is_wp_error($user) )
     49        return $user;
     50
     51    wp_set_auth_cookie($user->ID);
     52    do_action('wp_login', $credentials['user_login']);
     53    return $user;
     54}
    255
    356function get_profile($field, $user = false) {
     
    1669// TODO: xmlrpc only.  Maybe move to xmlrpc.php.
    1770function user_pass_ok($user_login,$user_pass) {
    18     $userdata = get_userdatabylogin($user_login);
    19     return wp_check_password($user_pass, $userdata->user_pass);
     71    $user = wp_authenticate($user_login, $user_pass);
     72    if ( is_wp_error($user) )
     73        return false;
     74
     75    return true;
    2076}
    2177
  • trunk/wp-login.php

    r6612 r6643  
    22require( dirname(__FILE__) . '/wp-config.php' );
    33
    4 $action = $_REQUEST['action'];
    5 $errors = array();
    6 
    7 if ( isset($_GET['key']) )
    8     $action = 'resetpass';
    9 
    10 nocache_headers();
    11 
    12 header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
    13 
    14 if ( defined('RELOCATE') ) { // Move flag is set
    15     if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
    16         $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
    17 
    18     $schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://';
    19     if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') )
    20         update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
    21 }
    22 
    23 //Set a cookie now to see if they are supported by the browser.
    24 setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
    25 if ( SITECOOKIEPATH != COOKIEPATH )
    26     setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
    27 
    284// Rather than duplicating this HTML all over the place, we'll stick it in function
    29 function login_header($title = 'Login', $message = '') {
    30     global $errors, $error;
    31 
     5function login_header($title = 'Login', $message = '', $wp_error = '') {
     6    global $error;
     7
     8    if ( empty($wp_error) )
     9        $wp_error = new WP_Error();
    3210    ?>
    3311<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
     
    5129    if ( !empty( $message ) ) echo apply_filters('login_message', $message) . "\n";
    5230
    53     // Incase a plugin uses $error rather than the $errors array
     31    // Incase a plugin uses $error rather than the $errors object
    5432    if ( !empty( $error ) ) {
    55         $errors['error'] = $error;
     33        $wp_error->add('error', $error);
    5634        unset($error);
    5735    }
    5836
    59     if ( !empty( $errors ) ) {
    60         if ( is_array( $errors ) ) {
    61             $newerrors = "\n";
    62             foreach ( $errors as $error ) $newerrors .= '   ' . $error . "<br />\n";
    63             $errors = $newerrors;
    64         }
     37    if ( $wp_error->get_error_code() ) {
     38        $errors = "\n";
     39        foreach ( $wp_error->get_error_messages() as $error )
     40            $errors .= '    ' . $error . "<br />\n";
    6541
    6642        echo '<div id="login_error">' . apply_filters('login_errors', $errors) . "</div>\n";
    6743    }
    6844} // End of login_header()
     45
     46function retrieve_password() {
     47    global $wpdb;
     48
     49    $errors = new WP_Error();
     50
     51    if ( empty( $_POST['user_login'] ) && empty( $_POST['user_email'] ) )
     52        $errors->add('empty_username', __('<strong>ERROR</strong>: Enter a username or e-mail address.'));
     53
     54    if ( strstr($_POST['user_login'], '@') ) {
     55        $user_data = get_user_by_email(trim($_POST['user_login']));
     56        if ( empty($user_data) )
     57            $errors->add('invalid_email', __('<strong>ERROR</strong>: There is no user registered with that email address.'));
     58    } else {
     59        $login = trim($_POST['user_login']);
     60        $user_data = get_userdatabylogin($login);
     61    }
     62
     63    do_action('lostpassword_post');
     64
     65    if ( $errors->get_error_code() )
     66        return $errors;
     67   
     68    if ( !$user_data ) {
     69        $errors->add('invalidcombo', __('<strong>ERROR</strong>: Invalid username or e-mail.'));
     70        return $errors;
     71    }
     72
     73    // redefining user_login ensures we return the right case in the email
     74    $user_login = $user_data->user_login;
     75    $user_email = $user_data->user_email;
     76
     77    do_action('retreive_password', $user_login);  // Misspelled and deprecated
     78    do_action('retrieve_password', $user_login);
     79
     80    // Generate something random for a key...
     81    $key = wp_generate_password();
     82    // Now insert the new md5 key into the db
     83    $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
     84    $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
     85    $message .= get_option('siteurl') . "\r\n\r\n";
     86    $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
     87    $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
     88    $message .= get_option('siteurl') . "/wp-login.php?action=rp&key=$key\r\n";
     89
     90    if ( !wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message) )
     91        die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
     92
     93    return true;
     94}
     95
     96function reset_password($key) {
     97    global $wpdb;
     98
     99    $key = preg_replace('/[^a-z0-9]/i', '', $key);
     100
     101    if ( empty( $key ) )
     102        return new WP_Error('invalid_key', __('Invalid key'));
     103
     104    $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
     105    if ( empty( $user ) )
     106        return new WP_Error('invalid_key', __('Invalid key'));
     107
     108    do_action('password_reset');
     109
     110    // Generate something random for a password...
     111    $new_pass = wp_generate_password();
     112    wp_set_password($new_pass, $user->ID);
     113    $message  = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
     114    $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
     115    $message .= get_option('siteurl') . "/wp-login.php\r\n";
     116
     117    if (  !wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message) )
     118        die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
     119
     120    // send a copy of password change notification to the admin
     121    // but check to see if it's the admin whose password we're changing, and skip this
     122    if ( $user->user_email != get_option('admin_email') ) {
     123        $message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n";
     124        wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), get_option('blogname')), $message);
     125    }
     126
     127    return true;
     128}
     129
     130function register_new_user($user_login, $user_email) {
     131    $errors = new WP_Error();
     132
     133    $user_login = sanitize_user( $user_login );
     134    $user_email = apply_filters( 'user_registration_email', $user_email );
     135
     136    // Check the username
     137    if ( $user_login == '' )
     138        $errors->add('empty_username', __('<strong>ERROR</strong>: Please enter a username.'));
     139    elseif ( !validate_username( $user_login ) ) {
     140        $errors->add('invalid_username', __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.'));
     141        $user_login = '';
     142    } elseif ( username_exists( $user_login ) )
     143        $errors->add('username_exists', __('<strong>ERROR</strong>: This username is already registered, please choose another one.'));
     144
     145    // Check the e-mail address
     146    if ($user_email == '') {
     147        $errors->add('empty_email', __('<strong>ERROR</strong>: Please type your e-mail address.'));
     148    } elseif ( !is_email( $user_email ) ) {
     149        $errors->add('invalid_email', __('<strong>ERROR</strong>: The email address isn&#8217;t correct.'));
     150        $user_email = '';
     151    } elseif ( email_exists( $user_email ) )
     152        $errors->add('email_exists', __('<strong>ERROR</strong>: This email is already registered, please choose another one.'));
     153
     154    do_action('register_post');
     155
     156    $errors = apply_filters( 'registration_errors', $errors );
     157
     158    if ( $errors->get_error_code() )
     159        return $errors;
     160
     161    $user_pass = wp_generate_password();
     162    $user_id = wp_create_user( $user_login, $user_pass, $user_email );
     163    if ( !$user_id ) {
     164        $errors->add('registerfail', sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email')));
     165        return $errors;
     166    }
     167
     168    wp_new_user_notification($user_id, $user_pass);
     169
     170    return $user_id;
     171}
     172
     173//
     174// Main
     175//
     176
     177$action = $_REQUEST['action'];
     178$errors = new WP_Error();
     179
     180if ( isset($_GET['key']) )
     181    $action = 'resetpass';
     182
     183nocache_headers();
     184
     185header('Content-Type: '.get_bloginfo('html_type').'; charset='.get_bloginfo('charset'));
     186
     187if ( defined('RELOCATE') ) { // Move flag is set
     188    if ( isset( $_SERVER['PATH_INFO'] ) && ($_SERVER['PATH_INFO'] != $_SERVER['PHP_SELF']) )
     189        $_SERVER['PHP_SELF'] = str_replace( $_SERVER['PATH_INFO'], '', $_SERVER['PHP_SELF'] );
     190
     191    $schema = ( isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) == 'on' ) ? 'https://' : 'http://';
     192    if ( dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) != get_option('siteurl') )
     193        update_option('siteurl', dirname($schema . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']) );
     194}
     195
     196//Set a cookie now to see if they are supported by the browser.
     197setcookie(TEST_COOKIE, 'WP Cookie check', 0, COOKIEPATH, COOKIE_DOMAIN);
     198if ( SITECOOKIEPATH != COOKIEPATH )
     199    setcookie(TEST_COOKIE, 'WP Cookie check', 0, SITECOOKIEPATH, COOKIE_DOMAIN);
    69200
    70201$http_post = ('POST' == $_SERVER['REQUEST_METHOD']);
     
    73204case 'logout' :
    74205
    75     wp_clearcookie();
    76     do_action('wp_logout');
     206    wp_logout();
    77207
    78208    $redirect_to = 'wp-login.php?loggedout=true';
     
    87217case 'lostpassword' :
    88218case 'retrievepassword' :
    89     $user_login = '';
    90     $user_pass = '';
    91 
    92219    if ( $http_post ) {
    93         if ( empty( $_POST['user_login'] ) )
    94             $errors['user_login'] = __('<strong>ERROR</strong>: The username field is empty.');
    95         if ( empty( $_POST['user_email'] ) )
    96             $errors['user_email'] = __('<strong>ERROR</strong>: The e-mail field is empty.');
    97 
    98         do_action('lostpassword_post');
    99 
    100         if ( empty( $errors ) ) {
    101             $user_data = get_userdatabylogin(trim($_POST['user_login']));
    102             // redefining user_login ensures we return the right case in the email
    103             $user_login = $user_data->user_login;
    104             $user_email = $user_data->user_email;
    105 
    106             if (!$user_email || $user_email != $_POST['user_email']) {
    107                 $errors['invalidcombo'] = __('<strong>ERROR</strong>: Invalid username / e-mail combination.');
    108             } else {
    109                 do_action('retreive_password', $user_login);  // Misspelled and deprecated
    110                 do_action('retrieve_password', $user_login);
    111 
    112                 // Generate something random for a key...
    113                 $key = substr( md5( uniqid( microtime() ) ), 0, 8);
    114                 // Now insert the new md5 key into the db
    115                 $wpdb->query("UPDATE $wpdb->users SET user_activation_key = '$key' WHERE user_login = '$user_login'");
    116                 $message = __('Someone has asked to reset the password for the following site and username.') . "\r\n\r\n";
    117                 $message .= get_option('siteurl') . "\r\n\r\n";
    118                 $message .= sprintf(__('Username: %s'), $user_login) . "\r\n\r\n";
    119                 $message .= __('To reset your password visit the following address, otherwise just ignore this email and nothing will happen.') . "\r\n\r\n";
    120                 $message .= get_option('siteurl') . "/wp-login.php?action=rp&key=$key\r\n";
    121 
    122                 if (FALSE == wp_mail($user_email, sprintf(__('[%s] Password Reset'), get_option('blogname')), $message)) {
    123                     die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
    124                 } else {
    125                     wp_redirect('wp-login.php?checkemail=confirm');
    126                     exit();
    127                 }
    128             }
     220        $errors = retrieve_password();
     221        if ( !is_wp_error($errors) ) {
     222            wp_redirect('wp-login.php?checkemail=confirm');
     223            exit();
    129224        }
    130225    }
    131226
    132     if ( 'invalidkey' == $_GET['error'] ) $errors['invalidkey'] = __('Sorry, that key does not appear to be valid.');
     227    if ( 'invalidkey' == $_GET['error'] ) $errors->add('invalidkey', __('Sorry, that key does not appear to be valid.'));
    133228
    134229    do_action('lost_password');
    135     login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username and e-mail address. You will receive a new password via e-mail.') . '</p>');
     230    login_header(__('Lost Password'), '<p class="message">' . __('Please enter your username or e-mail address. You will receive a new password via e-mail.') . '</p>', $errors);
    136231?>
    137232
    138233<form name="lostpasswordform" id="lostpasswordform" action="wp-login.php?action=lostpassword" method="post">
    139234    <p>
    140         <label><?php _e('Username') ?><br />
     235        <label><?php _e('Username or E-mail:') ?><br />
    141236        <input type="text" name="user_login" id="user_login" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_login'])); ?>" size="20" tabindex="10" /></label>
    142     </p>
    143     <p>
    144         <label><?php _e('E-mail') ?><br />
    145         <input type="text" name="user_email" id="user_email" class="input" value="<?php echo attribute_escape(stripslashes($_POST['user_email'])); ?>" size="25" tabindex="20" /></label>
    146237    </p>
    147238<?php do_action('lostpassword_form'); ?>
     
    170261case 'resetpass' :
    171262case 'rp' :
    172     $key = preg_replace('/[^a-z0-9]/i', '', $_GET['key']);
    173     if ( empty( $key ) ) {
    174         wp_redirect('wp-login.php?action=lostpassword&error=invalidkey');
    175         exit();
    176     }
    177 
    178     $user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_activation_key = '$key'");
    179     if ( empty( $user ) ) {
    180         wp_redirect('wp-login.php?action=lostpassword&error=invalidkey');
    181         exit();
    182     }
    183 
    184     do_action('password_reset');
    185 
    186     // Generate something random for a password...
    187     $new_pass = wp_generate_password();
    188     wp_set_password($new_pass, $user->ID);
    189     $message  = sprintf(__('Username: %s'), $user->user_login) . "\r\n";
    190     $message .= sprintf(__('Password: %s'), $new_pass) . "\r\n";
    191     $message .= get_option('siteurl') . "/wp-login.php\r\n";
    192 
    193     if (FALSE == wp_mail($user->user_email, sprintf(__('[%s] Your new password'), get_option('blogname')), $message)) {
    194         die('<p>' . __('The e-mail could not be sent.') . "<br />\n" . __('Possible reason: your host may have disabled the mail() function...') . '</p>');
    195     } else {
    196         // send a copy of password change notification to the admin
    197         // but check to see if it's the admin whose password we're changing, and skip this
    198         if ($user->user_email != get_option('admin_email')) {
    199             $message = sprintf(__('Password Lost and Changed for user: %s'), $user->user_login) . "\r\n";
    200             wp_mail(get_option('admin_email'), sprintf(__('[%s] Password Lost/Changed'), get_option('blogname')), $message);
    201         }
    202 
     263    $errors = reset_password($_GET['key']);
     264
     265    if ( ! is_wp_error($errors) ) {
    203266        wp_redirect('wp-login.php?checkemail=newpass');
    204267        exit();
    205268    }
     269
     270    wp_redirect('wp-login.php?action=lostpassword&error=invalidkey');
     271    exit();
     272
    206273break;
    207274
    208275case 'register' :
    209     if ( FALSE == get_option('users_can_register') ) {
     276    if ( !get_option('users_can_register') ) {
    210277        wp_redirect('wp-login.php?registration=disabled');
    211278        exit();
    212279    }
    213280
     281    $user_login = '';
     282    $user_email = '';
    214283    if ( $http_post ) {
    215284        require_once( ABSPATH . WPINC . '/registration.php');
    216285
    217         $user_login = sanitize_user( $_POST['user_login'] );
    218         $user_email = apply_filters( 'user_registration_email', $_POST['user_email'] );
    219 
    220         // Check the username
    221         if ( $user_login == '' )
    222             $errors['user_login'] = __('<strong>ERROR</strong>: Please enter a username.');
    223         elseif ( !validate_username( $user_login ) ) {
    224             $errors['user_login'] = __('<strong>ERROR</strong>: This username is invalid.  Please enter a valid username.');
    225             $user_login = '';
    226         } elseif ( username_exists( $user_login ) )
    227             $errors['user_login'] = __('<strong>ERROR</strong>: This username is already registered, please choose another one.');
    228 
    229         // Check the e-mail address
    230         if ($user_email == '') {
    231             $errors['user_email'] = __('<strong>ERROR</strong>: Please type your e-mail address.');
    232         } elseif ( !is_email( $user_email ) ) {
    233             $errors['user_email'] = __('<strong>ERROR</strong>: The email address isn&#8217;t correct.');
    234             $user_email = '';
    235         } elseif ( email_exists( $user_email ) )
    236             $errors['user_email'] = __('<strong>ERROR</strong>: This email is already registered, please choose another one.');
    237 
    238         do_action('register_post');
    239 
    240         $errors = apply_filters( 'registration_errors', $errors );
    241 
    242         if ( empty( $errors ) ) {
    243             $user_pass = wp_generate_password();
    244 
    245             $user_id = wp_create_user( $user_login, $user_pass, $user_email );
    246             if ( !$user_id )
    247                 $errors['registerfail'] = sprintf(__('<strong>ERROR</strong>: Couldn&#8217;t register you... please contact the <a href="mailto:%s">webmaster</a> !'), get_option('admin_email'));
    248             else {
    249                 wp_new_user_notification($user_id, $user_pass);
    250 
    251                 wp_redirect('wp-login.php?checkemail=registered');
    252                 exit();
    253             }
     286        $user_login = $_POST['user_login'];
     287        $user_email = $_POST['user_email'];
     288        $errors = register_new_user($user_login, $user_email);
     289        if ( !is_wp_error($errors) ) {
     290            wp_redirect('wp-login.php?checkemail=registered');
     291            exit();
    254292        }
    255293    }
    256294
    257     login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>');
     295    login_header(__('Registration Form'), '<p class="message register">' . __('Register For This Site') . '</p>', $errors);
    258296?>
    259297
     
    289327case 'login' :
    290328default:
    291     $user_login = '';
    292     $user_pass = '';
    293 
    294329    if ( !isset( $_REQUEST['redirect_to'] ) || is_user_logged_in() )
    295330        $redirect_to = 'wp-admin/';
     
    297332        $redirect_to = $_REQUEST['redirect_to'];
    298333
    299     if ( $http_post ) {
    300         // If cookies are disabled we can't log in even with a valid user+pass
    301         if ( empty($_COOKIE[TEST_COOKIE]) )
    302             $errors['test_cookie'] = __('<strong>ERROR</strong>: WordPress requires Cookies but your browser does not support them or they are blocked.');
    303        
    304         $user_login = $_POST['log'];
    305         $user_login = sanitize_user( $user_login );
    306         $user_pass  = $_POST['pwd'];
    307         $rememberme = $_POST['rememberme'];
    308 
    309         do_action_ref_array('wp_authenticate', array(&$user_login, &$user_pass));
    310     } else {
    311         $user = wp_validate_auth_cookie();
    312         if ( !$user ) {
    313             if ( empty($_GET['loggedout']) && !empty($_COOKIE[AUTH_COOKIE]) )
    314                 $errors['expiredsession'] = __('Your session has expired.');
    315         } else {
    316             $user = new WP_User($user);
    317 
    318             // If the user can't edit posts, send them to their profile.
    319             if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
    320                 $redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
    321             wp_safe_redirect($redirect_to);
    322             exit();
    323         }
    324     }
    325 
    326     if ( $user_login && $user_pass && empty( $errors ) ) {
    327         $user = new WP_User(0, $user_login);
    328 
     334    $user = wp_signon();
     335
     336    if ( !is_wp_error($user) ) {
    329337        // If the user can't edit posts, send them to their profile.
    330338        if ( !$user->has_cap('edit_posts') && ( empty( $redirect_to ) || $redirect_to == 'wp-admin/' ) )
    331             $redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
    332 
    333         if ( wp_login($user_login, $user_pass) ) {
    334             wp_set_auth_cookie($user->ID, $rememberme);
    335             do_action('wp_login', $user_login);
    336             wp_safe_redirect($redirect_to);
    337             exit();
    338         }
    339     }
    340 
    341     if ( $http_post && empty( $user_login ) )
    342         $errors['user_login'] = __('<strong>ERROR</strong>: The username field is empty.');
    343     if ( $http_post && empty( $user_pass ) )
    344         $errors['user_pass'] = __('<strong>ERROR</strong>: The password field is empty.');
     339            $redirect_to = get_option('siteurl') . '/wp-admin/profile.php';
     340        wp_safe_redirect($redirect_to);
     341        exit();
     342    }
     343   
     344    $errors = $user;
     345    // Clear errors if loggedout is set.
     346    if ( !empty($_GET['loggedout']) )
     347        $errors = new WP_Error();
     348
     349    // If cookies are disabled we can't log in even with a valid user+pass
     350    if ( isset($_POST['testcookie']) && empty($_COOKIE[TEST_COOKIE]) )
     351        $errors->add('test_cookie', __("<strong>ERROR</strong>: Cookies are blocked or not supported by your browser. You must <a href='http://www.google.com/cookies.html'>enable cookies</a> to use WordPress."));
    345352
    346353    // Some parts of this script use the main login form to display a message
    347     if      ( TRUE == $_GET['loggedout'] )          $errors['loggedout']        = __('You are now logged out.');
    348     elseif  ( 'disabled' == $_GET['registration'] ) $errors['registerdiabled']  = __('User registration is currently not allowed.');
    349     elseif  ( 'confirm' == $_GET['checkemail'] )    $errors['confirm']          = __('Check your e-mail for the confirmation link.');
    350     elseif  ( 'newpass' == $_GET['checkemail'] )    $errors['newpass']          = __('Check your e-mail for your new password.');
    351     elseif  ( 'registered' == $_GET['checkemail'] ) $errors['registered']       = __('Registration complete. Please check your e-mail.');
    352 
    353     login_header(__('Login'));
     354    if      ( TRUE == $_GET['loggedout'] )          $errors->add('loggedout', __('You are now logged out.'));
     355    elseif  ( 'disabled' == $_GET['registration'] ) $errors->add('registerdiabled', __('User registration is currently not allowed.'));
     356    elseif  ( 'confirm' == $_GET['checkemail'] )    $errors->add('confirm', __('Check your e-mail for the confirmation link.'));
     357    elseif  ( 'newpass' == $_GET['checkemail'] )    $errors->add('newpass', __('Check your e-mail for your new password.'));
     358    elseif  ( 'registered' == $_GET['checkemail'] ) $errors->add('registered', __('Registration complete. Please check your e-mail.'));
     359
     360    login_header(__('Login'), '', $errors);
    354361?>
    355362
     
    369376        <input type="submit" name="wp-submit" id="wp-submit" value="<?php _e('Log in'); ?> &raquo;" tabindex="100" />
    370377        <input type="hidden" name="redirect_to" value="<?php echo attribute_escape($redirect_to); ?>" />
     378        <input type="hidden" name="testcookie" value="1" />
    371379  <div><br clear="all" /></div>
    372380    </p>
Note: See TracChangeset for help on using the changeset viewer.